{ config, pkgs, lib, ... }:

with lib;

let
  # Container config
  name = "netbootxyz";
  # Version tagging
  netbootxyzVersion = "3.0.0";
  # Storage optimization
  spindown = config.numbus-server.hardware.HddSpindown;
  optimizedDir = if spindown.enable && (spindown.optimize == "compatible" || (isList spindown.optimize && elem name spindown.optimize))
    then cfg.configDir
    else cfg.dataDir;
  # Helper
  helper = import ../service-helper.nix { inherit config pkgs lib; };
  cfg = config.numbus-server.services.netbootxyz;
in

helper.mkPodmanService {
  inherit name;
  description = "Netboot.xyz, forget about flashing isos on USB sticks with PXE boot";
  pod = "false";
  defaultPort = "3004";
  configDirEnabled = optimizedDir == cfg.configDir;
  dataDirEnabled = optimizedDir == cfg.dataDir;
  middlewares = [
    "secureHeaders"
  ];
  dirPermissions = [
    "100999:100 ${cfg.configDir}"
    "100999:100 ${optimizedDir}"
    "100999:100 ${cfg.configDir}/config"
    "100999:100 ${optimizedDir}/assets"
  ];

  composeText = ''
    services:
      netbootxyz:
        image: ghcr.io/netbootxyz/netbootxyz:${netbootxyzVersion}
        container_name: netbootxyz
        hostname: netbootxyz
        user: '1000:1000'
        networks:
          netbootxyz:
            ipv4_address: 10.89.170.253
        ports:
          - "${cfg.port}:3000/tcp"
          - "69:69/udp"
          - "8008:80/tcp"
        volumes:
          - ${cfg.configDir}/config:/config
          - ${optimizedDir}/assets:/assets
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=${time.timeZone}
          - PORT_RANGE=30000:30010
          - SUBFOLDER=/
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped

    networks:
      netbootxyz:
        driver: bridge
        name: netbootxyz
        ipam:
          config:
            - subnet: "10.89.170.0/24"
              gateway: "10.89.170.254"
  '';
}